SSH client setup

see sshd for the server

Key-pair

Generate your workstation key pair

ssh-keygen -t ed25519
cat ~/.ssh/id_ed25519.pub

and copy/paste it to the servers you need to maintain (~/.ssh/authorized_keys)

cat ~/.ssh/id_*.pub

Eventually store the fingerprint of your public key (MD5 used at GitHub),

ssh-keygen -lf ~/.ssh/id_ed25519.pub > ~/.ssh/id_ed25519.pub.sha256
ssh-keygen -E md5 -lf ~/.ssh/id_ed25519.pub > ~/.ssh/id_ed25519.pub.md5

also provide the PPK format for e.g. Filezilla, but unless you are willing to compile the dev version, you will have to use RSA or DSA (-t rsa, dsa, rsa1),

sudo apt install putty-tools
puttygen ~/.ssh/id_ed25519 -o ~/.ssh/id_ed25519.ppk

fix the permissions,

chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/known_hosts
chmod 400 ~/.ssh/id_*

Setup

Make it easier to deal with known hosts (don’t hash them out), show the host public key in visual form so you get used to it, and speed up SSH logon by disabling GSSAPI

mv -i /etc/ssh/ssh_config /etc/ssh/ssh_config.dist
grep -vE '^#|^$' /etc/ssh/ssh_config.dist > /etc/ssh/ssh_config
vi /etc/ssh/ssh_config

Host *
    HashKnownHosts no
    GSSAPIAuthentication no
    VisualHostKey yes

Agent

as user

vi ~/.profile

    SSH_ENV="$HOME/.ssh/environment"

    function start_agent {
         echo "Initialising new SSH agent..."
         /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
         echo succeeded
         chmod 600 "${SSH_ENV}"
         . "${SSH_ENV}" > /dev/null
         /usr/bin/ssh-add;
    }

    # Source SSH settings, if applicable

    if [ -f "${SSH_ENV}" ]; then
         . "${SSH_ENV}" > /dev/null
         #ps ${SSH_AGENT_PID} doesn't work under cywgin
         ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
             start_agent;
         }
    else
         start_agent;
    fi

Resources

Check SSH fingerprint https://rawsec.ml/en/check-ssh-fingerprint/ –> see at the bottom


HOME | GUIDES | BENCHMARKS | html